Skip to content

libct.Start: fix locking, do not allow a second container init#4271

Merged
lifubang merged 3 commits intoopencontainers:mainfrom
kolyshkin:two-inits
Jun 11, 2024
Merged

libct.Start: fix locking, do not allow a second container init#4271
lifubang merged 3 commits intoopencontainers:mainfrom
kolyshkin:two-inits

Conversation

@kolyshkin
Copy link
Copy Markdown
Contributor

@kolyshkin kolyshkin commented May 7, 2024
edited
Loading

By definition, every container has only 1 init (i.e. PID 1) process.

Apparently, libcontainer API supported running more than 1 "init", and
two tests mistakenly used it. Of course, the second "init" was not
PID 1, but it was started like init and, I guess, some of the Container fields
were set to wrong values.

Let's not allow that, erroring out if we already have init running.

Fix two cases in libct/int which ran two inits inside a container.
Also, fix a locking issue and remove some code that's not needed.

@kolyshkin kolyshkin force-pushed the two-inits branch 2 times, most recently from dfe38a9 to 2575cf4 Compare May 7, 2024 21:06
@kolyshkin kolyshkin marked this pull request as ready for review May 7, 2024 21:06
@kolyshkin kolyshkin requested a review from lifubang May 7, 2024 21:07
@kolyshkin
Copy link
Copy Markdown
Contributor Author

kolyshkin commented May 30, 2024

@opencontainers/runc-maintainers PTAL

@kolyshkin kolyshkin requested a review from cyphar June 9, 2024 21:16
@kolyshkin
Copy link
Copy Markdown
Contributor Author

kolyshkin commented Jun 9, 2024

@lifubang ptal

@lifubang
Copy link
Copy Markdown
Member

lifubang commented Jun 9, 2024

fix a locking issue

SGTM, but could you give some details for this issue in commit 3b5376f? I think it's a refactor, but not a fix?

lifubang
lifubang reviewed Jun 10, 2024
View reviewed changes
libcontainer/container_linux.go
if err := c.createExecFifo(); err != nil {
return err
}
defer func() {
Copy link
Copy Markdown
Member

@lifubang lifubang Jun 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this defer should be moved to the position before createExecFifo, please see #4319.
I don't know whether this PR(4271) should be backported to release-1.1 branch or not, so I opened #4319(seems need backport), feel free to close it.

Copy link
Copy Markdown
Member

@lifubang lifubang Jun 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My suggestion change is unneeded Once #4319 merged.

@kolyshkin
Copy link
Copy Markdown
Contributor Author

kolyshkin commented Jun 11, 2024

fix a locking issue

SGTM, but could you give some details for this issue in commit 3b5376f? I think it's a refactor, but not a fix?

Maybe the commit message is too long and vague. Here's an except about the main issue: "part of c.Run executing without the lock". I did not get too deep inside why this locking is needed, but if it is needed, it is a bug to execute Run in parallel with, say, Start. This is what's being fixed.

kolyshkin added 3 commits June 10, 2024 22:30
@kolyshkin
libct: createExecFifo: rm unneeded os.Stat
304a4c0 
In case file already exists, mknod(2) will return EEXIST.

This os.Stat call was (inadvertently?) added by commit 805b8c7.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
libct: fix locking in Start/Run/Exec
e3e1072 
1. The code to call c.exec from c.Run was initially added by commit
   3aacff6. At the time, there was a lock in c.Run. That lock was
   removed by commit bd3c4f8, which resulted in part of c.Run executing
   without the lock.

2. All the Start/Run/Exec calls were a mere wrappers for start/run/exec
   adding a lock, but some more code crept into Start at some point,
   e.g. by commits 805b8c7 and 108ee85. Since the reason mentioned in
   commit 805b8c7 is no longer true after refactoring, we can fix this.

Fix both issues by moving code out of wrappers, and adding locking into
c.Run.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
libct: don't allow to start second init process
42cea2e 
By definition, every container has only 1 init (i.e. PID 1) process.

Apparently, libcontainer API supported running more than 1 init, and
at least one tests mistakenly used it.

Let's not allow that, erroring out if we already have init. Doing
otherwise _probably_ results in some confusion inside the library.

Fix two cases in libct/int which ran two inits inside a container.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@lifubang
Copy link
Copy Markdown
Member

lifubang commented Jun 11, 2024

Here's an except about the main issue: "part of c.Run executing without the lock".

I understand now, thanks your explanation.

@lifubang lifubang merged commit 9d60019 into opencontainers:main Jun 11, 2024
@lifubang lifubang mentioned this pull request Jun 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lifubang lifubang lifubang approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@cyphar cyphar Awaiting requested review from cyphar

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kolyshkin @lifubang @AkihiroSuda